lila 安全漏洞

Lila is an ad-free and open-source chess server developed by Lichess. Lila has a security vulnerability that stems from allowing approved hosts to inject arbitrary HTML, which may lead to server-side HTML injection attacks...

EUVD-2025-175319

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

lila 安全漏洞

lila is an ad-free and open source chess server from Lichess Open Source. A security vulnerability exists in lila, which stems from the unvalidated direct passing of the players parameter in the game export API, which could lead to server-side request forgery...

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

CVE-2025-52186

Summary: CVE-2025-52186 affects Lichess Lila (before commit 11b4c0fb00f0ffd823246f839627005459c8f05c) with a Server-Side Request Forgery (SSRF) in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing a remote attacker to compel the ...

EUVD-2025-15174

Malicious code in bioql PyPI...

Lichess: Path Traversal Vulnerability in Lila Project

A path traversal vulnerability was discovered in the Lila project that allowed an attacker to access arbitrary files on the server by manipulating user-supplied input to traverse outside the intended directory structure...

CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

lila 安全漏洞

lila is an ad-free and open source chess server from Lichess Open Source. A security vulnerability exists in previous versions of lila ab0beaf, which stems from improper use of innerHTML in powertip.ts and could lead to cross-site scripting attacks...

CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

CVE-2025-48051

CVE-2025-48051 affects Lila (for Lichess); powertip.ts uses innerHTML to extract text from a DOM node and interpret it as HTML, enabling Cross-Site Scripting (XSS) in some applications. The root cause is the unsafe innerHTML pattern in powertip.ts before commit ab0beaf. Impact is XSS where user-c...

PT-2025-21332 · Lila · Lila

Name of the Vulnerable Software and Affected Versions: Lila for Lichess version before ab0beaf Description: The issue is related to an innerHTML usage pattern in powertip.ts, where text is extracted from a DOM node and interpreted as HTML, allowing Cross-Site Scripting XSS in some applications...

lila-show.com Cross Site Scripting vulnerability OBB-3630489

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

lila-show.com Cross Site Scripting vulnerability OBB-3200316

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

moodle.lila.school Cross Site Scripting vulnerability OBB-2154278

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

lila-logistik-node01.de XSS vulnerability

Open Bug Bounty ID: OBB-606610 Description| Value ---|--- Affected Website:| lila-logistik-node01.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

lila-lust.de XSS vulnerability

Vulnerable URL: http://lila-lust.de/markt/schnellsuche.php Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 21.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 642669 VIP website status:| No Coordinated Disclosur...